34 matches found
CLSA-2026-1778674879 opensc: Fix of CVE-2024-45619
CVE-2024-45619: fix incorrect access of initialized parts of partially filled buffers triggered by crafted APDU responses from USB devices or smart cards...
RHEL 9 : squid (RHSA-2026:6301)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:6301 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denia...
PT-2026-26338
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVE ALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process cras...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the npduisexpectedreply function. An attacker can cause a crash or misroute replies by sending specially crafted PDUs that trigger out-of-bounds reads. Remediation A fix was pushed into the master branch but not y...
EUVD-2022-5820
Malicious code in bioql PyPI...
CVE-2025-48498
A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database...
OpenSC 缓冲区错误漏洞
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC smart card middleware prior to version 0.23, which originates from a stack overflow that can be caused by a crafted APDU response...
The vulnerability of the software for agentless monitoring of Solarwinds Server & Application Monitor, related to authentication procedures that allow a hacker to bypass the authentication process and access confidential information.
The vulnerability of the Solarwinds Server & Application Monitor software for agentless monitoring involves deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and gain access to confidential information through...
SUSE CVE-2018-7226
An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC...
Softing Secure Integration Server 代码问题漏洞
Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A code issue vulnerability exists in Softing Secure Integration...
RealVNC Viewer 输入验证错误漏洞
RealVNC RealVnc Viewer is a remote desktop software from RealVNC UK. It is used for instant remote access to a selected computer. An input validation error vulnerability exists in RealVNC Viewer that stems from RealVNC Viewer version 6.21.406 that allows a remote VNC server to cause a denial of...
Code injection
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
Design/Logic Flaw
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service DoS to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent...
MongoDB Authorization Issues Vulnerability
MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An authorization issue vulnerability exists in MongoDB that allows an unauthenticated client to trigger a denial of service by issuing a specially crafted wired protocol message, which could cause the...
IBM MQ and IBM MQ Appliance Denial of Service Vulnerabilities
IBM MQ IBM WebSphere MQ and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA.IBM MQ Appliance is an all-in-one appliance for rapid...
Input validation
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames...
ALPINE-CVE-2018-15173
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service stack consumption and application crash via a crafted TCP-based service...
CVE-2017-12610
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
CVE-2017-12610
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...